Are Your Clients Insuring for Disasters?
Column: Real Stories, Real Solutions
Oct. 01, 2009
From the Oct. 2009 Issue
Susan, Robert and Gary have a problem. They have to prepare for the unexpected:
What would happen if disaster struck and there was a period that they couldn’t
get to their systems? And, even though the likelihood of a potentially crippling
event was small, how much should their companies invest to try to “protect”
- Susan manages a large group of Quick Service restaurants with locations
across multiple states. They have thousands of employees, many who live paycheck
to paycheck, and she worries about what those employees would do if the company
was late on a payday. Would a delay in payroll cause some to lose confidence
and go work for a competitor?
- Robert owns a parts distribution company with one location and 20 employees.
His office manager makes a tape back each day and Friday he takes home the
weekly back up. What happens if there’s a problem in the middle of the
week and he falls behind on orders and shipments? They recently automated
a lot of their work flow and clients said it improved their customer service.
Would they jeopardize that good will if they were pushed back into their old
- Gary runs a furniture manufacturing company. His big fear is loss of efficiency
if their system was unavailable. How they would know what was in stock? Would
they be setting incorrect expectations to customers on availability and delivery
Three different businesses in size, revenue, locations and employees. Three
different risk factors. Yet while their businesses are diverse, they all have
one thing in common: what risk/reward ratio are they willing to live with if
they can’t run internal systems? How much does it cost? What’s the
right thing to do?
Planning for Disaster Recovery is very much like planning for a fire or a
car wreck: How much risk are you willing to take, and how much insurance do
you need “just in case.” Disaster recovery and business continuity
takes many forms, all of which may be viable solutions, just not for everyone.
Since there is no one size fits all – the best solution is the one that is right
for the individual business.
There are several good tools and services available, some of which were covered
in the September 2009 issue of The CPA Technology Advisor in columns
by Scott Cytron (www.CPATechAdvisor.com/go/2489)
and Randy Johnston (www.CPATechAdvisor.com/go/2491).
The tricky part is to honestly identify exactly what you need and how much insurance
you need in anticipation of those “events.”
Here are some ideas to help you prepare and make those decisions in your individual
situation or for your unique company:
• Document your manual processes so you can quickly start
using them if disaster strikes. Do you have a name and number lists
so you can reach key people? Do you have in place a plan for something as
simple as forwarding your phones to a remote location or a cell phone so you
can keep in touch with customers and vendors?
• Back-ups are the logical great first step. But,
how many times have you heard where companies went to their back ups only
to find they did not back up the right folders or the tape was bad? Or worse,
backups were not really running, they just acted like it. To address this
issue it is vital you test the integrity of your backups. Perform a full test
restore periodically. How often you test that is directly related to your
comfort level. Run some test data in all your software applications. Don’t
forget to take old tapes or other media out of the backup rotation.
• Keeping backups off site gives you the security that your
backups won’t go up in flames, get drowned or taken by thieves
when everything else in the office if affected. Again you need to know your
tolerance for how much work you want to do to determine how often you rotate
• If your systems are up and running and your data gets damaged
– how much work time can you afford to spend recreating the data since
your last backup? Robert’s parts distributor currently holds all shipping/receiving
information until the end of the day and enters their sales orders in the
morning. They are most vulnerable two times of the day right before posting.
• If your system shuts down due to hardware failure
– how long could the business go before the system needed to be back
up? Gary’s manufacturing company’s “insurance” is
the manual backup systems they still utilize. Gary says he didn’t need
to have backups more than once a day and rotating their tape off site to an
owner’s house seemed to work well. Just as important to protect their
investment, Gary committed to keep their hardware up to date and on current
versions of the software applications and operating system. That would make
it easier for them to quickly replace their hardware. They also have Terminal
Server in place so the server could be anywhere.
• If you run payroll in house – how much leeway do
you have from when you get timecards in to when paychecks needs to be in employee
hands? If you had to do them manually how long would it take? Getting checks
to 25 employees is totally different than paychecks for 3,500, which was Susan’s
concern as a restaurant franchisee. She needed a more comprehensive “insurance
policy” that in her case led to the decision to store a printer with
a MICR cartridge and blank check stock off site with a virtual server image
of their install just in case their building was damaged. Their insurance
was the ability for an authorized person from their team to actually work
out of the remote site and produce payroll.
This was a more comprehensive choice because of the duplicated system, the
hardware to support and the services to keep it current. The restaurant company
decided that after the initial setup they were fine with testing the system
just once a year. This was a fine tuning change that made them feel their “insurance
policy” was a good investment.
Be honest with yourself as you assess the business tolerance for what might
arise as a result of a disaster. Take the time to list out and understand your
most vulnerable processes. Assess what pieces are impacted and what your business
would look like if you could not access your systems for 1 day, 3 days, 7 days
– you get the picture. At one of those points you “cry uncle”
and say I can’t go that long.
Once you know what you can and can’t live with, you’ll know how
much “insurance” you need to consider. The next step now is to decide
on the individual tools and then implement. You then have the assurance of knowing
you really have thought through the contingencies and you can live with and
survive with the consequences.